Memo #
35415

ICI Comment Letter on FSB Consultation regarding Third-Party Risk Management and Oversight
| Print

[35415]

August 22, 2023

TO: ICI Members
ICI Global Members
Asia Regulatory and Policy Committee
Chief Risk Officer Committee
Europe Regulatory and Policy Committee
Global Operations Advisory Committee
SEC Rules Committee SUBJECTS: Cybersecurity
Financial Stability
International/Global
Investment Advisers
Operations RE: ICI Comment Letter on FSB Consultation regarding Third-Party Risk Management and Oversight

 

On August 21, 2023, ICI submitted a response[1] to the Financial Stability Board's consultation, Enhancing Third-Party Risk Management and Oversight.[2]

ICI's letter expresses general support for the overall goals and approach of the FSB's consultation and its use of a toolkit, rather than recommendations. ICI states that it would be concerned, however, if the tools in the toolkit were treated as recommendations that jurisdictions should mandate. It, therefore, requests that the FSB make clear in its final report that the toolkit is an optional reference resource that financial institutions and financial authorities may use in developing and implementing their own approaches and that the intent is not for financial authorities to require the use of any tool in the toolkit.

The letter also seeks clarification of certain provisions to ensure they are not interpreted as recommendations that regulatory authorities mandate that asset managers adopt a particular tool. The letter observes that although in many jurisdictions, financial authorities do not have direct supervisory authority over certain third-party service providers, that does not mean they should achieve this authority indirectly by prescribing certain duties for asset managers.

ICI's letter expresses support for the consultation's intent of promoting interoperability and the principle of proportionality, agreeing that the toolkit should not promote a one-size-fits-all approach. The letter notes that the tools for financial institutions provide useful tips and that many of the tools, including for the identification of critical services and onboarding and ongoing monitoring of service providers, are often used by asset managers.

The letter cautioned, however, that where certain tools call for the maintenance or communication of sensitive information, such as registers of service providers or incident reports, such information must be highly protected and the use of the information by authorities should be highly restricted.

 

Annette Capretta
Chief Counsel, ICI Global
 

Notes

[1] ICI's comment letter is available at https://www.ici.org/system/files/2023-08/23-cl-fsb-3rd-party-risk-mngmt-ovrsgt.pdf.

[2] For a summary of the consultation, see ICI Memorandum No. 35371(Jul. 11, 2023), available at https://www.ici.org/memo35371.